<?php
header('Content-type: application/json;charset=utf-8');
require_once(dirname(__FILE__) . '/../include/common.inc.php');
require_once(dirname(__FILE__) . '/inc/manageui.inc.php');
//require_once "function.php";

session_start();
$op = isset($_POST['op']) ?  htmlspecialchars($_POST['op']) : "";
$username = isset($_POST['username']) ?  htmlspecialchars($_POST['username']) : "";
$password = isset($_POST['password']) ? htmlspecialchars($_POST['password']) : "";


if ($op=="" || $username=="" || $password=="" ) {
    $return_data['code'] = '24';
    $return_data['msg'] = '请不要非法操作';
    $return_data['data'] = '';
    $data = json_encode($return_data);
    echo $data;
    exit;
}

if (isset($op)) {


    $password =  md5(md5($password));

    //检查登录
    if ($op == 'check') {
        //删除已过时记录
        $dosql->ExecNoneQuery("DELETE FROM `#@__failedlogin` WHERE (UNIX_TIMESTAMP(NOW())-time)/60>15");


        //判断是否被暂时禁止登录
        $r = $dosql->GetOne("SELECT * FROM `#@__failedlogin` WHERE `username`='$username'");
        if (is_array($r)) {
            $min = round((time() - $r['time'])) / 60;
            if ($r['num'] == 0 and $min <= 15) {
                $return_data['code'] = '-1';
                $return_data['msg'] = '您的密码已连续错误6次，请15分钟后再进行登录！';
                $return_data['data'] = [];
                $data = json_encode($return_data);
                echo $data;
                exit;
            }
        }

        //获取用户信息
        $row = $dosql->GetOne("SELECT * FROM `#@__admin` WHERE `username`='$username'");

        //获取管理组信息
        if (isset($row) && is_array($row))
            $row2 = $dosql->GetOne("SELECT `groupsite`,`checkinfo` FROM `#@__admingroup` WHERE `id`=" . $row['levelname']);



        if (isset($row) && is_array($row)) {
            //密码错误
            if ($password != $row['password']) {
                $return_data['code'] = '-2';
                $return_data['msg'] = '密码错误';
                $return_data['data'] = [];
                $data = json_encode($return_data);
                echo $data;
                exit;
            } else {


                $logintime = time();
                $loginip = GetIP();

                //设置登录站点
                $r = $dosql->GetOne("SELECT `id`,`sitekey` FROM `#@__site` WHERE `id`=" . $row2['groupsite']);
                if (isset($r['id']) &&
                    isset($r['sitekey'])) {
                    $_SESSION['siteid'] = $r['id'];
                    $_SESSION['sitekey'] = $r['sitekey'];
                } else {
                    $_SESSION['siteid'] = '';
                    $_SESSION['sitekey'] = '';
                }

                //提取当前用户账号
                $_SESSION['admin'] = $row['username'];

                //提取当前用户权限
                $_SESSION['adminlevel'] = $row['levelname'];

                //提取上次登录时间
                $_SESSION['lastlogintime'] = $row['logintime'];

                //提取上次登录IP
                $_SESSION['lastloginip'] = $row['loginip'];
                //提取当前用户权限 楼盘
                $_SESSION['nickname'] = $row['nickname'];
                $_SESSION['uid'] = $row['uid'];

                //记录本次登录时间
                $_SESSION['logintime'] = $logintime;

                //更新登录数据
                $dosql->ExecNoneQuery("UPDATE `#@__admin` SET loginip='$loginip',logintime='$logintime' WHERE `username`='$username'");

                //更新操作日志
                SetSysEvent('login');



                $return_data['code'] = '0';
                $return_data['msg'] = '登陆成功';
                $return_data['data'] = [];
                $data = json_encode($return_data);
                echo $data;
                exit;

            }


        } else {
            $return_data['code'] = '-3';
            $return_data['msg'] = '用户名不存在';
            $return_data['data'] = [];
            $data = json_encode($return_data);
            echo $data;
            exit;
        }
    }
}


//更新操作日志
function SetSysEvent($m = '', $cid = '', $a = '')
{
    global $dosql;

    $sql = "INSERT INTO `#@__sysevent` (uname, siteid, model, classid, action, posttime, ip) VALUE ('" . $_SESSION['admin'] . "', '" . $_SESSION['siteid'] . "', '$m', '$cid', '$a', '" . time() . "', '" . GetIP() . "')";

    //更新操作日志
    //一分钟内连续操作只记录一次
    $r = $dosql->GetOne("SELECT `posttime` FROM `#@__sysevent` WHERE `uname`='" . $_SESSION['admin'] . "' AND `siteid`=" . $_SESSION['siteid'] . " AND `model`='$m' ORDER BY id DESC");
    if (!isset($r['posttime']))
        $dosql->ExecNoneQuery($sql);

    else if (isset($r['posttime']) &&
        ($r['posttime'] < time() - 60))
        $dosql->ExecNoneQuery($sql);
}

?>